Privacy Policy
1. Data controller
The controller for the processing described below is Charles LINDECKER, publisher of League Of Data Base (see the legal notice). Contact for any personal-data matter: charles.lindecker@outlook.fr or charles.lindecker@outlook.fr.
League Of Data Base is an encyclopedia you can browse without an account. Data collection is kept to the strict minimum: no profiling, no sale of data, no advertising, no third-party trackers. The service does not target minors and collects no special-category ("sensitive") data.
2. Processing activities
| Processing | Data | Legal basis | Retention |
|---|---|---|---|
| User account account creation and management |
Email address, summoner name (pseudonym), password (stored only as a hash), favorites, public/private profile preference | Performance of a contract (art. 6(1)(b) GDPR) | Until account deletion (the "Delete my account" button on the profile page) |
| User content champion builds and configurations |
Build content, name, chosen visibility (private, public or link sharing), link to the author's account | Performance of a contract (art. 6(1)(b) GDPR) | Until deleted by the author, or until account deletion (which also deletes the builds) |
| Audience measurement first-party traffic statistics |
See section 3 for the full field list (IP address, User-Agent, pages viewed, referrer, optional country…) | Legitimate interest (art. 6(1)(f) GDPR): understanding and improving how the site is used | Raw logs: kept until their consolidation and deletion, both carried out manually by the publisher (no fixed retention period is guaranteed). Statistical aggregates without IP or User-Agent: kept without a time limit |
| Donations voluntary support via Stripe |
Payment is handled entirely by Stripe: we never receive or store any card data. We only keep the technical confirmation of the donation (status, amount) | Performance of the donation contract (art. 6(1)(b)) and legitimate interest for bookkeeping | Confirmations kept for the duration of applicable accounting obligations; receipts are issued and kept by Stripe |
| Session and preferences first-party cookies |
Session cookie, opt-in language/version preference, "stay signed in" cookie | Legitimate interest / consent depending on the cookie | Full details in the cookie policy |
3. Audience measurement in detail
Traffic is measured by a first-party, server-side, cookieless system built for this site. No third-party tool (Google Analytics or similar) is used and no data is shared with anyone. Only views of the public pages (home page, lists and detail pages for champions, items, runes and summoner spells) are recorded.
Each page view produces an event containing:
- the timestamp (UTC), the page viewed (route and path), the resource and entity displayed (e.g. a champion's page), and the HTTP status code;
- the requested Data Dragon version and language, and the interface language;
- your IP address and your browser's User-Agent string, from which the browser, operating system, device type and a "bot" flag are derived;
- the referring site (origin host plus a classification: direct, internal, search engine, social network, other);
- a pseudonymous visitor identifier: a truncated HMAC-SHA256 fingerprint computed from the IP and User-Agent with a secret key known only to the server — it lets us count unique visitors without identifying them;
- optionally, the country (ISO code and name): only when a local GeoLite2 geolocation database is installed on the server; the IP is then resolved locally, with no request to any external service. Without that database, no location data is produced.
These events are written to daily log files stored on our server, then consolidated into daily statistical aggregates (counters per page, browser, country, and so on) kept on our internal storage. The aggregates contain neither IP addresses nor User-Agent strings. Consolidation and deletion of the raw logs are carried out manually by the publisher, with no fixed retention period guaranteed; the aggregates, which contain no directly identifying data, are kept without a time limit. Access to this data is restricted to the site publisher.
You may object to this legitimate-interest processing as described in section 4.
4. Your rights
Under the GDPR you have the following rights:
- Access — obtain a copy of the data held about you;
- Rectification — correct inaccurate data (email, summoner name…);
- Erasure — the "Delete my account" button on the profile page immediately deletes your account and all your builds; you may also request erasure by email;
- Portability — receive the data you provided in a structured, machine-readable format;
- Objection — object to processing based on legitimate interest, including audience measurement;
- Restriction — request the temporary freezing of a processing activity.
To exercise these rights: charles.lindecker@outlook.fr or charles.lindecker@outlook.fr. You will receive an answer within one month. If you believe your rights are not respected, you may lodge a complaint with your supervisory authority — in France, the CNIL: www.cnil.fr.
5. Recipients and processors
Data is never sold, rented or shared for advertising purposes. It is accessible only to the site publisher and to the strictly necessary technical processors:
- Hostinger — HOSTINGER operations, UAB — hosting of the site and its data;
- Stripe — donation processing (see the Stripe privacy policy).
No profiling and no fully automated decision producing legal effects is carried out.
6. Transfers outside the EU
The site's data is hosted by Hostinger — HOSTINGER operations, UAB. The only transfer that may occur outside the European Union concerns donations: Stripe (Stripe Payments Europe Ltd, and Stripe, Inc. in the United States) may process payment data outside the EU. Those transfers are governed by the European Commission's Standard Contractual Clauses and Stripe's compliance mechanisms.
7. Security
- TLS (HTTPS) encryption of all communications;
- passwords stored only as hashes produced by a modern algorithm — never in clear text;
- signed, HttpOnly and Secure cookies (see the cookie policy);
- access to logs and to the administration interface restricted to the publisher.
8. Changes to this policy
This policy may evolve together with the site's features. The effective date shown at the top of the page is updated on every substantial change; for any major change affecting your rights, a visible notice will be displayed on the site.